Make WordPress Core

Changeset 1300


Ignore:
Timestamp:
05/17/2004 08:34:05 PM (20 years ago)
Author:
michelvaldrighi
Message:

using check_admin_referer for moves/deletions

Location:
trunk/wp-admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/link-manager.php

    r1200 r1300  
    8686    include_once('admin-header.php');
    8787
     88    check_admin_referer();
     89
    8890    // check the current user's level first.
    8991    if ($user_level < get_settings('links_minadminlevel'))
     
    116118    $standalone = 1;
    117119    include_once('admin-header.php');
     120
     121    check_admin_referer();
    118122
    119123    // check the current user's level first.
     
    154158    $standalone = 1;
    155159    include_once('admin-header.php');
     160
     161    check_admin_referer();
     162
    156163    // check the current user's level first.
    157164    if ($user_level < get_settings('links_minadminlevel'))
     
    175182    $standalone = 1;
    176183    include_once('admin-header.php');
     184
     185    check_admin_referer();
    177186
    178187    $link_url = $_POST['linkurl'];
     
    222231      $standalone = 1;
    223232      include_once('admin-header.php');
     233
     234      check_admin_referer();
    224235
    225236      $link_id = $_POST['link_id'];
     
    265276    $standalone = 1;
    266277    include_once('admin-header.php');
     278
     279    check_admin_referer();
    267280
    268281    $link_id = $_GET["link_id"];
  • trunk/wp-admin/users.php

    r1293 r1300  
    2525    $standalone = 1;
    2626    require_once('admin-header.php');
     27
     28    check_admin_referer()
     29
    2730    function filter($value) {
    2831        return ereg('^[a-zA-Z0-9\_-\|]+$',$value);
     
    102105    require_once('admin-header.php');
    103106
     107    check_admin_referer()
     108
    104109    if (empty($_GET['prom'])) {
    105110        header('Location: users.php');
     
    133138    $standalone = 1;
    134139    require_once('admin-header.php');
     140
     141    check_admin_referer()
    135142
    136143    $id = intval($_GET['id']);
Note: See TracChangeset for help on using the changeset viewer.